Lucene search

Veracode Vulnerability DatabaseVERACODE:43182

HistorySep 07, 2023 - 9:39 a.m.

Heap Buffer Overflow

2023-09-0709:39:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

validation

bi_size

memory

avi

bitmap_info_header

avi_parse_input_file

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON

libgpac.so is vulnerable for Heap Buffer Overflow. The vulnerability is due to the lack of validation for the ‘bih.bi_size’ variable when copying a block of memory into ‘AVI->bitmap_info_header’ within the ‘avi_parse_input_file’ function located in the ‘src/media_tools/avilib.c’ file.

CPENameOperatorVersion
libgpac.sole10.1.0
libgpac.sole10.1.0

CPE	Name	Operator	Version
	libgpac.so	le	10.1.0
	libgpac.so	le	10.1.0

References

github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86

github.com/gpac/gpac/issues/2573

huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6

huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for VERACODE:43182